We'd like to give some further information on the loss of portal services on 7th April. Due to the cause of the incident, we were unable to comment at the time.
The loss of portal service was due to a DoS attack by a known criminal gang who are regularly targetting businesses in the cloud/IT/communications space demanding payment in Bitcoin and other crypto currencies to first not attack and then if an attack is started, to stop the attack. This has been more common with VoIP providers in the last 6 months but we are seeing an increasing number of online services such as ours coming in to the cross hairs.
Due to the type of attack and ransom, the guidance from the NCA was not to make any public statements which may anger the attackers more and extend the span of the attack greater than would already be the case.
Our network already benefits from DoS protection but the attack vector was specific to ensuring maximum impact but also harder to block. We quickly added further defences on to the network including our portal for greater layer 7 defence which allowed us to get the portal back online. Due to the potential repeat attacks, this protection is set to maximum and the hardware vendor has warned that some false positive blocking may occur. If you are attempt to gain access to the portal and receive a "connection terminated" message, please contact us with your IP to have this whitelisted.
We would like to make clear, there was no risk to the data or information held in the portal. This was simply a DoS attack aimed at taking down a service for a period of time and we believe the attackers have moved on to their next target as they were not able to extort money from us.